1. Field of the Invention
The present invention relates to a method of providing an automatic security check. The invention is particularly, but not exclusively, useful in relation to the security of computers accessed via telecommunications links.
2. Related Art
At the most basic level, the provision of a security check involves one person allowing only people whom he recognises to pass. However, this basic system becomes unworkable once such large numbers of people are authorised that it is not feasible for each of them to be recognised by the person providing the security check. For this reason, such checks are often implemented by issuing all those people who are authorised to pass the check with a portable device which indicates that they are so authorised. In order to prevent the portable devices being used by persons other than those that they were issued to, the portable devices may be made specific to that person. For example, the devices may be provided with a photograph of the authorised person or may be signed by the authorised person. An example of the former is a passport which contains a photograph of its owner and an example of the latter is a cheque guarantee card which is signed by its owner. Provided a person judges that there is sufficient similarity between the photograph and the appearance of the person or between the signature of the person and the signature on the card, the possessor of the passport or cheque guarantee card will be allowed to pass the relevant security check, in the examples given, to cross a national border or to debit money from an account.
In many cases, it is desirable to automate the provision of a security check. This is usually achieved by assigning each authorised user a data sequence which is to be memorised by him. For example, a bank account holder may have a personal identification number (PIN) assigned to him and a person who is authorised to access a computer may have a password assigned to him.
More recently, security checks have been developed which involve capture of data which is, at least in part, dependent on a biometric, i.e. a statistical or quantitative measure of a biological feature of a person. For example, U.S. Pat. No. 5,291,560 discloses a device which images the eye of a person to obtain data representing the spatial luminance distribution presented by his iris and converts that image data to an “iris code”, which is then compared to stored iris codes of authorised users. The capture of other biometrics such as signatures and fingerprints has been suggested.
A problem arises if the data sequence used in an automatic security check falls into the hands of an unauthorised person since he or she can then use the data sequence to breach the security check.
One way in which the security check might be breached is by an eavesdropper who obtains an authorised user's password, PIN or iris code as it is transmitted over a communications link when the user attempts to pass a security check. The password, PIN or iris code can then be resent by the eavesdropper to allow him to pass a security check. The words “communications link” are here intended to include telephone lines (copper cable or optical fibre), radio or other wireless communication links, any cabling between electronic devices in separate housings and other similar types of links. Such a link might be monitored using a recording device attached to it or perhaps by monitoring electromagnetic radiation emanating from it.
A similar problem arises when a portable device carried by an authorised user and having a data sequence stored thereon (e.g. a PIN stored on a bankcard) is stolen and read.
A standard approach to these problems is to encrypt the password or PIN using an encryption algorithm. However, many commercial systems rely on encryption techniques that are known to be vulnerable to attack by a competent cryptanalyst. Furthermore, the perceived security of more advanced encryption techniques, such as RSA encryption, rests on an underlying assumption that certain mathematical operations are computationally unfeasible to carry out.
It is also known to operate on a data sequence using a so-called one-way hash function. The function operates on the data sequence to provide a shortened data sequence which is sufficient to ‘fingerprint’ the data sequence. For example, the problem of storing passwords at a central server can be avoided by instead storing the shortened data sequences resulting from operating on the passwords using such a one-way hash function—if the shortened data sequences match, then it is reasonable to assume that a valid password was entered by the user. This allows the provision of password security without necessitating the storage of the passwords themselves at the central server.
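The store-and-compare scheme described in the preceding paragraph can be sketched as follows. This is an added example, not part of the original document; the per-user salt, the PBKDF2 iteration count and the names `enrol`, `verify` and `demo` are assumptions that go beyond the plain one-way hash the text mentions.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed work factor, not taken from the document


def enrol(password: str) -> dict:
    """Build the record the server keeps: salt and digest, never the password."""
    salt = os.urandom(16)  # per-user salt so equal passwords give different digests
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return {"salt": salt, "digest": digest, "iterations": ITERATIONS}


def verify(record: dict, attempt: str) -> bool:
    """Recompute the digest for the attempt and compare it in constant time."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", attempt.encode("utf-8"), record["salt"], record["iterations"]
    )
    return hmac.compare_digest(candidate, record["digest"])


def demo() -> dict:
    # Constructed sample credentials, for illustration only.
    password = "correct horse battery staple"
    alice = enrol(password)
    bob = enrol(password)  # same password, different user
    return {
        "valid_accepted": verify(alice, password),
        "invalid_rejected": not verify(alice, password + "r"),
        # The stored "shortened data sequence" has a fixed length of 32 bytes.
        "digest_len": len(alice["digest"]),
        # Salting means a stolen table does not reveal which users share a password.
        "digests_differ": alice["digest"] != bob["digest"],
    }


if __name__ == "__main__":
    print(demo())
```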
Both encryption algorithms and one-way hash functions carry a significant processing overhead, and neither can be shown to guarantee security. The processing overhead is undesirable in commercial systems because it both reduces the rate at which data can be transmitted and increases the cost of equipment.